finleap-connect · jastBytes · Jul 14, 2021 · Jul 13, 2021 · Jul 13, 2021 · Jul 13, 2021
diff --git a/.github/workflows/backup-operator-docker.yml b/.github/workflows/backup-operator-docker.yml
@@ -54,6 +54,9 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2
-      - uses: helm/[email protected]
+      - run: git config --global user.email "[email protected]"
+      - run: git config --global user.name "Deploy Bot"
+      - run: pip3 install --no-cache-dir -r ci/dev-requirements.txt
+      - run: ./ci/publish.sh
         env:
-          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CHART_PUSH_KEY: "${{ secrets.CHART_PUSH_KEY }}"
diff --git a/ci/deploy_key.enc b/ci/deploy_key.enc
diff --git a/ci/dev-requirements.txt b/ci/dev-requirements.txt
@@ -0,0 +1,11 @@
+## chartpress is important for local development, CI and CD
+## - builds images and can push them also (--push)
+## - updates image names and tags in values.yaml
+## - can publish the built Helm chart (--publish)
+##
+## chartpress is used by
+## - publish
+##
+## ref: https://github.com/jupyterhub/chartpress
+##
+chartpress==0.6.*
diff --git a/ci/publish.sh b/ci/publish.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+echo $PWD
+export PWD=$(pwd)
+export PATH="$PATH:$PWD/tools"
+
+# Setup helm command
+echo "Setting up helm..."
+ln -sf $PWD/tools/helm3 $PWD/tools/helm
+
+set -eu
+
+# Get a private SSH key from the Github secrets. It will
+# be used to establish an identity with rights to push to the git repository
+# hosting our Helm charts: https://github.com/kubism/charts
+echo "$CHART_PUSH_KEY" > ${PWD}/ci/deploy_key
+chmod 0400 ${PWD}/ci/deploy_key
+
+# Activate logging of bash commands now that the sensitive stuff is done
+set -x
+
+# As chartpress uses git to push to our Helm chart repository, we configure
+# git ahead of time to use the identity we decrypted earlier.
+export GIT_SSH_COMMAND="ssh -i ${PWD}/ci/deploy_key"
+
+echo "Publishing chart via chartpress..."
+SOURCE_TAG=${GITHUB_REF#refs/tags/}
+IMAGE_PREFIX=ghcr.io/kubism/
+if [ "${SOURCE_TAG:-}" == "" ]; then
+    # Using --long, we are ensured to get a build suffix, which ensures we don't
+    # build the same tag twice.
+    chartpress --skip-build --publish-chart --long --image-prefix $IMAGE_PREFIX
+else
+    # Setting a tag explicitly enforces a rebuild if this tag had already been
+    # built and we wanted to override it.
+    chartpress --skip-build --publish-chart --tag "${SOURCE_TAG}" --image-prefix $IMAGE_PREFIX
+fi
+
+# Let us log the changes chartpress did, it should include replacements for
+# fields in values.yaml, such as what tag for various images we are using.
+echo "Changes from chartpress:"
+git --no-pager diff